Imperva CEO: Companies Are Getting It Wrong On Cybersecurity

A screenshot of Havij, one of the most popular, free tools for automating an SQL injection attack

Protecting our online data is vital, but security executives often lament that their industry isn't given the attention it deserves. Companies tend to react to cyber attacks rather than prepare for them, and malicious hackers meanwhile learn new tricks to circumvent the gates. "There is a dislocation," says Shlomo Kramer, the chief executive of IT security firm Imperva and a 25-year veteran of the security industry. "The anti-virus market is not very useful against the new types of malware that come every day. It's a $10 billion market. It's a renewal market."

By "renewal," Kramer means that IT managers at large companies -- typically chief information officers (CIOs) -- prefer to sign checks for the same, established software to protect their web applications, rather than make the uncomfortable changes necessary. It's easier to do the former than change how money is spent, which can require all manner of approvals.

"But in security, the bad guys change and evolve," says Kramer.

The Imperva chief is used to change himself -- he got into cyber security after an obligatory five-year stint in the Israeli army, specializing in intelligence. The Internet was in its nascent phases and more companies were excited about connecting to it. The trouble was that its landscape was wide open to threats from viruses, malware and hackers. He and friends Gil Shwed and Marius Nacht started Check Point in 1993, which continues to provide firewall products for networks. That firm's current market cap is $9.9 billion.

"I was not a hacker," Kramer says in a soft, Israeli accent, though some of his other business partners were. "I came primarily from the defence side."

Then in 2002 he founded Imperva, after noticing that companies were focusing too much on protecting the perimeter of their networks, rather than guarding their most prized possession -- data itself -- from simple and increasingly prevalent attack methods like SQL injection. Kramer wanted to protect web applications, not just networks, from more external attacks like SQLi, business logic attacks and site scraping. "Most attempts want to chase the mice," he says, "but you need to put protection around the cheese."

Today Imperva, which has a market cap of roughly $715 million, is competing against larger, established security giants like McAfee and Symantec; but the company is seeing decent growth, posting a 30% rise in revenues in its last fiscal year, hiring more sales staff and clocking 2,000 enterprise customers. "Our pipeline growth is faster than our booking growth, which is faster than our revenue growth," says Kramer. His company recently posted a quarterly loss of $1.5 million, but the deficit was smaller than the year before.

The company went public in 2011, and takes a particularly keen interest in Anonymous and the rise of hacktivism, releasing a series of research notes in the last year on some of the subversive-cyber network's most high-profile hits, such as the August 2011 attack on the Vatican.

Given the growth of the cyber security market and the need to constantly adapt, does Kramer believe there's an unnecessary amount of scaremongering in the media and industry over potential cyber threats? His answer is no, and that the threat is very real.

"People need to take it more seriously," he says. "Security is an area where you see a lot of organizations spending a lot of money emotionally in areas where they shouldn't spend that money, and not spending the money where they should."